I am trying to join Active Directory and Samba 4 on Ubuntu 12.04.05.
When I run host -t SRV _kerberos._udp.test.sg
I get the error:
Host _kerberos._udp.test.sg not found: 3(NXDOMAIN)
meanwhile
$# host -t SRV _ldap._tcp.test.sg
_ldap._tcp.test.sg has SRV record 0 0 389 4ecapsvsg6.test.sg.
$# host -t A 4ECAPSVSG6.test.sg
4ECAPSVSG6.test.sg has address 10.153.64.5
My /etc/samba/smb.conf:
# Global parameters
[global]
workgroup = TEST
realm = TEST.SG
netbios name = 4ECAPSVSG6
server role = active directory domain controller
dns forwarder = 10.153.64.5
security = ads
use kerberos keytab = true
password server = 4ecapsvsg6.test.sg
allow dns updates = nonsecure and secure
bind interfaces only = no
server services = +smb -s3fs
dcerpc endpoint servers = +winreg +srvsvc
passdb backend = samba4
server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns
My /etc/krb5.conf:
[libdefaults]
default_realm = TEST.SG
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
4ECAP.SG = {
kdc = 4ecapsvsg6.test.sg:88
admin_server = 4ecapsvsg6.test.sg:749
default_domain = test.sg
}
[domain_realm]
.test.sg = TEST.SG
test.sg = TEST.SG
[login]
krb4_convert = true
krb4_get_tickets = false
My /etc/hosts:
127.0.0.1 localhost
127.0.1.1 4ecapsvsg6
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.153.64.5 4ecapsvsg6.test.sg 4ecapsvsg6
What is the solution? Without it I cannot join the domain with the command:
sudo net ads join
which throws out an error like
Failed to join domain: failed to lookup DC info for domain 'TEST' over rpc: Logon failure
I did kinit administrator and klist, result:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@TEST.SG
Valid starting Expires Service principal
26/03/2015 14:29:04 27/03/2015 00:29:04 krbtgt/TEST.SG@TEST.SG
renew until 27/03/2015 14:29:00
Meanwhile, I include my /etc/resolv.conf:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.153.64.5
search test.sg
domain test.sg
After googling over this past week, I was lucky to find this site: http://edoceo.com/howto/samba4
It turns out I have to edit my dnsmasq configuration (/etc/dnsmasq.conf), adding these lines:
srv-host=_kerberos._tcp.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kerberos._tcp.dc._msdcs.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kerberos._udp.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kpasswd._tcp.test.sg,4ecapsvsg6.test.sg,464
srv-host=_kpasswd._udp.test.sg,4ecapsvsg6.test.sg,464
and disable Bind9 (which was installed along with Samba4 by default).
Now the problems are gone :)
Only one problem remains: how to join AD (I will open another thread for that).
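An added example, not part of the original post: an offline check that a dnsmasq configuration defines all five Kerberos SRV records listed above for a domain. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the post's Kerberos SRV records are missing
# from a dnsmasq configuration. Function names are hypothetical.

# The five SRV owner names listed in the post, for a given DNS domain.
required_srv() {
    domain=$1
    for name in _kerberos._tcp _kerberos._tcp.dc._msdcs _kerberos._udp \
                _kpasswd._tcp _kpasswd._udp; do
        printf '%s.%s\n' "$name" "$domain"
    done
}

# Print the owner name of every srv-host= line read from stdin, lowercased,
# dropping comments and tolerating stray whitespace.
defined_srv() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        awk -F'[=,]' '$1 == "srv-host" && $2 != "" { print tolower($2) }'
}

# missing_srv DOMAIN < dnsmasq.conf : print required names that are absent.
missing_srv() {
    defined=$(defined_srv)
    required_srv "$1" | while read -r name; do
        printf '%s\n' "$defined" | grep -qxF "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample config: the _kerberos._udp record is deliberately absent,
# matching the NXDOMAIN lookup at the top of the post.
SAMPLE_CONF='# constructed sample configuration
srv-host=_kerberos._tcp.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kerberos._tcp.dc._msdcs.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kpasswd._tcp.test.sg,4ecapsvsg6.test.sg,464
srv-host=_kpasswd._udp.test.sg,4ecapsvsg6.test.sg,464'

printf '%s\n' "$SAMPLE_CONF" | missing_srv test.sg
```

Against a real file, run `missing_srv test.sg < /etc/dnsmasq.conf`; empty output means every record from the list is defined.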